
A co-worker of mine recently attempted to install Exchange 2013, which unexpectedly caused the UM Server to stop working. After cleaning up Exchange 2013, we noticed that:

  • Dialing to Voice Mail no longer works
  • Calls to the Exchange Auto Attendant & Subscriber Access just get “dropped”
  • Missed call notifications & voice mail no longer arrive in the mailbox

On the Exchange Server, the following error kept surfacing whenever an attempt was made through the Lync Client:

The following UM IP gateways did not respond as expected to a SIP OPTIONS request.

Transport = TLS, Address = LyncPoolServer.domain.com Port = 5061, Response Code = 0, Message = This operation timed out


From the Lync Server:

Dial Plan Unknown

Dialplan [DialPlanName.domain.com] not recognized by routing application.

Cause: Dial plan does not exist, or Microsoft Lync Server 2013 does not have permission to read the relevant Active Directory objects.

Resolution: If the dial plan is valid, then run  exchucutil.ps1 in appropriate Exchange forest to give permission to Microsoft Lync Server 2013. If the dial plan is not valid, then clean up proxyAddress attribute for the affected users.


We suspected that some of the permissions had been reset or altered during the Exchange 2013 installation, causing the issue above, so we went ahead and re-ran the ExchUCUtil.ps1 script from the Exchange 2010 Unified Messaging role server and restarted the services.

However, the first error still appeared, and to confirm this we had to check the UM IP gateway configuration on the Exchange UM Server:

Get-UMIPGateway | fl


Notice that the Port displays a value of 0. To solve this, we had to manually assign port 5061 to each Lync Server 2013 gateway:

Set-UMIPGateway -Identity LyncPool.domain.com -Port 5061

Next, restarting the Microsoft Exchange Unified Messaging & Lync Server Front-End services brings Voice Mail back “alive”.
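The check and fix above can be scripted so that only the affected gateways are touched. This is an added example, not part of the original post; `$LyncPools` is an assumed placeholder list of your Lync pool FQDNs.

```powershell
# Run in the Exchange Management Shell on the UM server.
# $LyncPools is an assumed placeholder; list your own Lync pool FQDNs here.
$LyncPools  = @('LyncPool.domain.com')
$SipTlsPort = 5061   # the port assigned manually in the post above

# Show every gateway so a Port value of 0 is easy to spot.
Get-UMIPGateway | Sort-Object Name |
    Format-Table Name, Address, Port, OutcallsAllowed -AutoSize

# Select only the Lync gateways whose port now reads 0.
$broken = @(Get-UMIPGateway | Where-Object {
    $_.Port -eq 0 -and $LyncPools -contains $_.Address.ToString()
})

foreach ($gw in $broken) {
    # -WhatIf only previews the change; remove it to apply the new port.
    Set-UMIPGateway -Identity $gw.Identity -Port $SipTlsPort -WhatIf
}

# Re-read the configuration; with -WhatIf removed this should report 0.
$left = @(Get-UMIPGateway | Where-Object { $_.Port -eq 0 })
"Gateways still at port 0: $($left.Count)"
```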


I was working on my Wave 15 lab materials early this morning when my Exchange 2013’s IIS just crashed on me, which meant I needed to rebuild the whole Exchange virtual machine (too bothersome to troubleshoot as I was running short of time). So, as quickly as possible, I wiped the operating system disk and recreated a differencing disk (the beauty of Hyper-V, saves me plenty of time copying a sysprep VHD :))

Once the machine had booted, I attempted to rebuild Exchange by using the /m:RecoverServer setup switch, but it failed as I had accidentally wiped the database files as well (sheesh). So I had to re-run the entire installation process. However, another obstacle was “bestowed” upon me when Setup detected that Exchange had previously been installed on the server and didn’t allow me to proceed.

So my next step to quickly resolve this matter (please don’t do this in production!):

  • Run ADSIedit
  • Anchor to the Services under the Configuration Container (CN=Configuration, DC=Domain, DC=com)
  • Locate & delete every single object within Microsoft Exchange & Microsoft Exchange Autodiscover


Next, reboot the machine and re-run the installer; another problem hit me.

When I ran the prerequisites check, a bunch of permission issues were thrown, namely that my account wasn’t part of the Organization Management security group & Enterprise Admins security group, although the account was still a member of those groups. Hence I decided to re-run Prepare Schema & Prepare AD just to confirm. This time a different error was thrown; this was captured from the Exchange Setup log:

[ERROR] Setup encountered a problem while validating the state of Active Directory: Couldn’t Find the Enterprise Organization container

After searching a bit, I found an article which helped: Duplicate Microsoft Exchange System Objects container exists in Active Directory. Within ADUC, I deleted the entire Microsoft Exchange System Objects container.


Voilà, once it’s deleted, Setup can now proceed. :p

Updated [24th April 2013, 3.30PM]

OK, it seems that the above clean-up wasn’t sufficient and I was forced to start from scratch. It appears that someone has already blogged about it and I came to notice that this is not a supported method for Exchange clean-up: Exchange Clean-up

However, I hope it proves useful for those out there seeking information and help 🙂

For those who have walked through the evolution of Office Communications Server 2007/2007 R2, a lot were wondering: where has Communicator Web Access (CWA) gone? Basically it hasn’t gone anywhere; it has now been ‘merged’ with Exchange Outlook Web App (OWA). I see this as an advantage for most customers, where you have a single console for both mail and instant messaging, a truly unified way to communicate! Not to mention it removes the need for an additional role on Lync just to have this feature enabled.

To get started, download these components:

  1. Microsoft .NET Framework 3.5 (if your Exchange 2010 SP1 is running on Windows Server 2008) – http://download.microsoft.com/download/6/0/f/60fc5854-3cb8-4892-b6db-bd4f42510f28/dotnetfx35.exe
  2. Unified Communications Managed API 2.0, Core Runtime (64-bit) – http://www.microsoft.com/download/en/details.aspx?id=4705
  3. For Exchange 2010 SP1 Client Access Server Role on Windows Server 2008 KB 2647091 Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix – http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1F565A42-71D2-4FBD-8AE0-4B179E8F02AB
  4. KB 968802 Microsoft Office Communications Server 2007 R2 Hotfix – http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19178
  5. Microsoft Office Communications Server 2007 R2 Web Service Provider – http://www.microsoft.com/downloads/en/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en
  6. KB 981256 OCS 2007 R2 Web Service Provider Hotfix – http://www.microsoft.com/download/en/details.aspx?id=797

Once you have all of these downloaded, install the files in the listed sequence.

It took me about an hour just to figure out the links and the sequence of installation, so for readers who often visit my blog site – you’re in luck! 😉

The Unified Communications Managed API 2.0, Core Runtime (64-bit) installer detects whether Windows Media Service is present and installs it if it is not. The system reboots itself after that installation, and you need to start the installer once more to get Unified Communications Managed API 2.0, Core Runtime (64-bit) installed.

After UCMA is installed and the hotfix applied, go to Control Panel > Programs & Features to confirm that Microsoft Unified Communications Managed API, Core Runtime 64-bit is installed with version 3.5.6907.244.

Proceed with the remaining OCS 2007 R2 Web Service provider and the hotfix; to confirm the installation is successful:

  • Open the registry editor (regedit) and look for HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA\InstantMessaging\ImplementationDLLPath. The value displayed should be <Exchange Install Path>\ClientAccess\owa\bin\Microsoft.Rtc.UCWeb.dll
  • Copy the path above and make sure that Microsoft.Rtc.UCWeb.dll exists in the folder

Now, let’s proceed to run the configurations on the Exchange CAS Server Role:

  1. Launch the Exchange Management Shell (EMS) and type in the following command: Get-ExchangeCertificate | fl Services,Thumbprint. Copy the thumbprint of the certificate that has the IIS service listed
  2. Run the next command to enable Instant Messaging on the OWA Virtual Directory: Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint [PasteYourCertificateThumbPrintOnStep1] -InstantMessagingServerName LyncPoolFQDN
  3. Type IISreset and wait for the services to be restarted

On the Lync Server

  1. Launch the Lync Topology Builder and select the option to Download topology from existing deployment
  2. Expand the Site Name and locate the Trusted Application Servers. Right click to create a new Trusted Application Pool
  3. Here’s the tricky part: at this step, a lot of people may just put in the Exchange Server CAS FQDN. This is not exactly the correct way; you’ll need to cross-check the Subject Name (SN) on the certificate that is assigned to the Exchange IIS services. In some cases the certificate comes from the internal Microsoft CA Services, in others from a 3rd party SSL provider. In my case, I used the public domain name that is used to access the Outlook Web App service (e.g. Webmail.mydomain.com). Select Single Computer Pool and click Next
  4. Select the Pool Server name at the Next Hop Pool option and click on Next
  5. Complete the wizard by publishing the changes; if you’re using a public name instead of the actual Exchange FQDN, you’ll receive a warning that the published name is not registered in the Active Directory objects. Ignore the message and proceed to the next step
  6. Open the Lync Management Shell
  7. Type in netstat -a | findstr 5059 and make sure that the server is not already using this port, as we’ll be fixing it as the port over which OWA and Lync interact with each other
  8. Take note, this is another tricky step: you need to use the Certificate Subject Name (SN) that was initially entered for the Trusted Application Pool. Type the following command: New-CsTrustedApplication -ApplicationId ExchangeOWA -TrustedApplicationPoolFqdn <Certificate Subject Name> -Port 5059
  9. Publish the topology: Enable-CsTopology

We’re now almost done. Open the web browser from any of the endpoints and log in to OWA, and you should see the Lync Instant Messaging function enabled.
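The Exchange-side checks from this walkthrough (provider DLL registered, IM enabled on the OWA virtual directory, and the certificate subject matching the Trusted Application Pool name) can be verified together. This is an added example, not part of the original post; `$PoolFqdn` is an assumed placeholder for the name you enter in Topology Builder.

```powershell
# Run in the Exchange Management Shell on the CAS server.
# $PoolFqdn is an assumed placeholder: the name you intend to give the
# Trusted Application Pool in Topology Builder.
$PoolFqdn = 'webmail.mydomain.com'
$regKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA\InstantMessaging'

# 1. The IM provider DLL registered for OWA must exist on disk.
$dll = (Get-ItemProperty -Path $regKey -ErrorAction Stop).ImplementationDLLPath
"Provider DLL: $dll (present: $(Test-Path -LiteralPath $dll))"

# 2. Every OWA virtual directory must point at a usable certificate.
$certs = @(Get-ExchangeCertificate)
foreach ($vdir in Get-OwaVirtualDirectory) {
    $thumb = $vdir.InstantMessagingCertificateThumbprint
    $cert  = $certs | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if (-not $cert) {
        Write-Warning "$($vdir.Identity): thumbprint '$thumb' not found on this server"
        continue
    }
    # The subject CN is the name to use as the Trusted Application Pool FQDN.
    $cn = $null
    if ($cert.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }

    New-Object PSObject -Property @{
        VirtualDirectory  = $vdir.Identity
        ImEnabled         = $vdir.InstantMessagingEnabled
        ImServer          = $vdir.InstantMessagingServerName
        CertSubjectCN     = $cn
        CertHasIIS        = ("$($cert.Services)" -match 'IIS')
        CertExpired       = ($cert.NotAfter -lt (Get-Date))
        PoolNameMatchesCN = ($cn -eq $PoolFqdn)
    } | Format-List
}
```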


The festive holidays have just ended and things are starting to pick up. I went through a combination of tsunamis and hurricanes when a customer contacted me because all of their remote users weren’t able to access Outlook Web Access due to expired passwords.

Since these users access the messaging services from the Internet without any VPN service back to the data center, we had to enable the password reset function within Exchange 2010 SP1 and TMG 2010:

  1. Login to the Client Access Server (CAS)
  2. Open up the registry editor (regedit.exe)
  3. Navigate to HKLM\System\CurrentControlSet\Services\MSExchange OWA
  4. Create a REG_DWORD value: ChangeExpiredPasswordEnabled = 1
  5. Go to Run > type in IISreset and wait for the services to be restarted

Since the environment has 2 CAS units configured with Windows NLB, I had to make sure the first unit worked after the IISReset command and then repeated steps 1 – 5 on the second unit.

Moving on, we need to log in to the Reverse Proxy, running on TMG 2010 SP2. The publishing rule must have the following configured:

  • Form Based Authentication
  • Under the Web Listener > Forms > Password Management, check Allow users to change their password
  • Click OK to confirm the changes and click Apply once more to commit the changes at the TMG Management Console

Now, when users with expired passwords attempt to log in through Outlook Web App, they are redirected to a different page which allows them to change their password.

Administrators no longer need to reset users’ passwords manually and can let the technology do its wonders!

If you happen to be deploying Exchange 2007/Exchange 2010 Server in a multi-site environment and using Cisco ASA Firewalls for your VPN tunnel, you’ll likely encounter the issues below:

1. Users are only able to send emails within the same Active Directory site

2. When users attempt to send an email over to the next hop/Active Directory site, the Exchange Queue shows a Retry status: 451 4.4.0 Primary target IP address responded with “451 5.7.3 Cannot achieve Exchange Server authentication” SMTPRelay to remote AD Site

3. When you attempt to telnet to the Exchange Servers from both sites, you’ll get this response from the telnet command: 220*************

The only way to fix this is to use the command-line interface (CLI) and type in these commands:

telnet YourCiscoManagementIP

device password (default is usually cisco)

en

password (Management password)

no fixup protocol smtp 25

write mem

Remember to run these commands on the firewalls at each site. Once that is done, telnet to the Exchange server on port 25 and you should get a normal response:

220 ExchangeServerHostName.Domain.com Microsoft ESMTP MAIL Service ready at Day, Date Month Year, Hour:Minute:Seconds +TimeZone
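The before-and-after telnet test can be automated so each site's path is checked the same way. This is an added example, not part of the original post: the function names are hypothetical, the sample replies at the bottom are constructed, and X-EXPS is the EHLO keyword Exchange advertises for server-to-server authentication.

```powershell
# Classify a captured SMTP greeting and EHLO reply (no network access needed).
function Test-SmtpInspection {
    param([string]$Banner, [string[]]$EhloLines)
    $keywords = @()
    # Skip the first 250 line, which carries the server's greeting name.
    foreach ($line in ($EhloLines | Select-Object -Skip 1)) {
        if ($line -match '^250[ -](\S+)') { $keywords += $Matches[1].ToUpper() }
    }
    New-Object PSObject -Property @{
        BannerMasked        = [bool]($Banner -match '^220[ -]?\*{3,}')
        ExchangeAuthOffered = ($keywords -contains 'X-EXPS')
        Keywords            = ($keywords -join ' ')
    }
}

# Connect to a server, capture the banner and EHLO reply, then classify them.
function Get-SmtpGreeting {
    param([string]$Server, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $banner = $reader.ReadLine()
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $lines = @()
        do { $l = $reader.ReadLine(); $lines += $l } while ($l -and $l -match '^250-')
        $writer.WriteLine('QUIT')
        Test-SmtpInspection -Banner $banner -EhloLines $lines
    } finally { $client.Close() }
}

# Constructed sample replies: a masked banner versus a normal Exchange greeting.
Test-SmtpInspection -Banner '220*************' `
    -EhloLines @('250-mail.example.com', '250 8BITMIME')
Test-SmtpInspection -Banner '220 EX01.example.com Microsoft ESMTP MAIL Service ready' `
    -EhloLines @('250-EX01.example.com Hello', '250-STARTTLS', '250-X-EXPS GSSAPI NTLM', '250 XRDST')
```

Run `Get-SmtpGreeting -Server <remote Exchange server>` from the Exchange server at each site; BannerMasked should be False once the firewalls on the path have been changed.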

I was doing my daily routine reading on TechNet and discovered this new tool powered by Silverlight.

The options provided are based on the supported migration/upgrade path of Exchange 2010:

  1. Upgrade from Exchange 2003
  2. Upgrade from Exchange 2007
  3. Upgrade from an environment in which Exchange 2003 & Exchange 2007 co-exist
  4. Green field deployment

New to Exchange Server? Fear not, as at the bottom of each question there are tool-tips displayed (click the arrow button to show/hide):

After you’ve answered the questions, the tool will then generate a Deployment Checklist customized to your needs:

A few interesting things that you can do from here:

  • The tool provides an overall step-by-step guide. To make it better, there are screenshots inside the tool as well!
  • TechNet Library links are also provided to give further clarity on the deployment
  • Downloadable checklist for offline reference
  • Mark tasks as completed or go back and review them
  • At the end, the assistant also recommends post-installation tasks using the Exchange Best Practice Analyzer and the Exchange Remote Connectivity Analyzer Tool

Lastly, you may also provide your feedback to Microsoft about this Deployment Assistant tool 😉

Locate this tool from here: Exchange Deployment Assistant

I found a good place for a ‘quickie’ on Exchange 2010 Technical Preview: Microsoft Learning – Learning Snacks

Make sure you have a Passport sign-up in order to gain access!
